In the late 1990s and early 2000s, FISMA and HIPPA contributed to the rapid scaling of cybersecurity and identity and access management (IAM) infrastructure within the financial services and healthcare industries. With mature infrastructure in place today, these industries are pioneering the development of secure and compliant data-sharing mechanisms. For example, the financial services industry is driving innovation through the U.K.'s recently enacted Open Banking Standard, which enables banking data to be shared through secure, open APIs so that customers (both individuals and businesses) can more effectively manage their wealth.1
Without compliance as a driving force to security modernization, many less-regulated industries are falling behind as their primary focus is on securing user data instead of product and service innovation. And with user data in the spotlight, many organizations are reluctant to consider new digital products and services if it means increased legal exposure and public backlash from the potential for misuse.
Customer IAM (CIAM) infrastructure provides an answer to many aspects of this dilemma by leveraging centralized policies to consistently enforce customer opt-in/out choices, communication preferences and more. These solutions arm customers with fine-grained control over who has access to their data and which attributes they choose to share. All of these services are available today with end-to-end data security built in to ensure customer trust is maintained.
As new and diverse categories of nontraditional sensitive data arise, consent ceremonies will take place over a broader number of scenarios. For example, Uber has started requesting access to users' personal contacts so they can ask for a ride to wherever a friend currently is. Uber says it doesn't expect privacy objections because users will have to agree to allow the app to scan their calendars and address books.2 Maintaining consumer trust while handling location and IoT data will be crucial for digital services asking for wider breadths of sensitive information.
Is your organization ready to differentiate on digital services? To learn more about the regulatory environment surrounding privacy and consent, consent scenarios and underlying standards and technologies, see our white paper: Best Practices for User-Managed Consent.